Action not permitted
Modal body text goes here.
CVE-2020-8450
Vulnerability from cvelistv5
Published
2020-02-04 19:51
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" }, { "name": "USN-4289-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4289-1/" }, { "name": "openSUSE-SU-2020:0307", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" }, { "name": "GLSA-202003-34", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-34" }, { "name": "FEDORA-2020-ab8e7463ab", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/" }, { "name": "FEDORA-2020-790296a8f4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/" }, { "name": "openSUSE-SU-2020:0606", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html" }, { "name": "DSA-4682", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4682" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-04T12:06:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" }, { "name": "USN-4289-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4289-1/" }, { "name": "openSUSE-SU-2020:0307", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" }, { "name": "GLSA-202003-34", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-34" }, { "name": "FEDORA-2020-ab8e7463ab", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/" }, { "name": "FEDORA-2020-790296a8f4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/" }, { "name": "openSUSE-SU-2020:0606", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html" }, { "name": "DSA-4682", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4682" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", "refsource": "MISC", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" }, { "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" }, { "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" }, { "name": "USN-4289-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4289-1/" }, { "name": "openSUSE-SU-2020:0307", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" }, { "name": "GLSA-202003-34", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-34" }, { "name": "FEDORA-2020-ab8e7463ab", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/" }, { "name": "FEDORA-2020-790296a8f4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/" }, { "name": "openSUSE-SU-2020:0606", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html" }, { "name": "DSA-4682", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4682" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210304-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8450", "datePublished": "2020-02-04T19:51:21", "dateReserved": "2020-01-30T00:00:00", "dateUpdated": "2024-08-04T09:56:28.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-8450\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-02-04T20:15:14.777\",\"lastModified\":\"2023-11-07T03:26:36.143\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Squid versiones anteriores a 4.10. Debido a una administraci\u00f3n del b\u00fafer incorrecta, un cliente remoto puede causar un desbordamiento del b\u00fafer en una instancia de Squid que act\u00faa como un proxy inverso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.10\",\"matchCriteriaId\":\"CCB84835-9A10-4970-8A4B-6467A2BD4FCB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.squid-cache.org/Advisories/SQUID-2020_1.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202003-34\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210304-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4289-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4682\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2020_4082
Vulnerability from csaf_redhat
Published
2020-09-30 07:07
Modified
2024-11-05 22:47
Summary
Red Hat Security Advisory: squid security update
Notes
Topic
An update for squid is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
* squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)
* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
* squid: Improper input validation could result in a DoS (CVE-2020-24606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for squid is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)\n\n* squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)\n\n* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)\n\n* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)\n\n* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)\n\n* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)\n\n* squid: Improper input validation could result in a DoS (CVE-2020-24606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4082", "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "1871700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871700" }, { "category": "external", "summary": "1871702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871702" }, { "category": "external", "summary": "1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4082.json" } ], "title": "Red Hat Security Advisory: squid security update", "tracking": { "current_release_date": "2024-11-05T22:47:58+00:00", "generator": { "date": "2024-11-05T22:47:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4082", "initial_release_date": "2020-09-30T07:07:39+00:00", "revision_history": [ { "date": "2020-09-30T07:07:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-30T07:07:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:47:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.src", "product": { "name": "squid-7:3.5.20-17.el7_9.4.src", "product_id": "squid-7:3.5.20-17.el7_9.4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=src\u0026epoch=7" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12528", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798534" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Information Disclosure issue in FTP Gateway", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12528" }, { "category": "external", "summary": "RHBZ#1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12528", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12528" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" } ], "release_date": "2020-02-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\n\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Information Disclosure issue in FTP Gateway" }, { "cve": "CVE-2020-8449", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798540" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation issues in HTTP Request processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8449" }, { "category": "external", "summary": "RHBZ#1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8449", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation issues in HTTP Request processing" }, { "cve": "CVE-2020-8450", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798552" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Buffer overflow in reverse-proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8450" }, { "category": "external", "summary": "RHBZ#1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8450", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Buffer overflow in reverse-proxy configurations" }, { "cve": "CVE-2020-15049", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852550" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Request smuggling and poisoning attack against the HTTP cache", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue has been rated as having moderate security impact, (despite of having a higher CVSS scoring) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software are not vulnerable to participation in this attack. While the vulnerability does exists in squid, it is not easily exploitable and requires participation of other components on the network.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15049" }, { "category": "external", "summary": "RHBZ#1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5" } ], "release_date": "2020-06-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Request smuggling and poisoning attack against the HTTP cache" }, { "cve": "CVE-2020-15810", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871700" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: HTTP Request Smuggling could result in cache poisoning", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15810" }, { "category": "external", "summary": "RHBZ#1871700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871700" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15810", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15810" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15810", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15810" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "Disable the relaxed HTTP parser in `squid.conf`:\n\n```\nrelaxed_header_parser off\n```", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "squid: HTTP Request Smuggling could result in cache poisoning" }, { "cve": "CVE-2020-15811", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871702" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: HTTP Request Splitting could result in cache poisoning", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15811" }, { "category": "external", "summary": "RHBZ#1871702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15811", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15811" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15811", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15811" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "Disable the relaxed HTTP parser in `squid.conf`:\n\n```\nrelaxed_header_parser off\n```", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "squid: HTTP Request Splitting could result in cache poisoning" }, { "cve": "CVE-2020-24606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871705" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation could result in a DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24606" }, { "category": "external", "summary": "RHBZ#1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24606", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "Add the no-digest option to all cache_peer lines in squid.conf", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation could result in a DoS" } ] }
rhsa-2020_4743
Vulnerability from csaf_redhat
Published
2020-11-04 01:45
Modified
2024-11-05 22:56
Summary
Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update
Notes
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
The following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)
Security Fix(es):
* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)
* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)
* squid: Improper input validation in URI processor (CVE-2019-12523)
* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)
* squid: Heap overflow issue in URN processing (CVE-2019-12526)
* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)
* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)
* squid: Buffer overflow in URI processor (CVE-2019-18676)
* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)
* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)
* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)
* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)
* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
* squid: DoS in TLS handshake (CVE-2020-14058)
* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
* squid: Improper input validation could result in a DoS (CVE-2020-24606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nThe following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)\n\nSecurity Fix(es):\n\n* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)\n\n* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)\n\n* squid: Improper input validation in URI processor (CVE-2019-12523)\n\n* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)\n\n* squid: Heap overflow issue in URN processing (CVE-2019-12526)\n\n* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)\n\n* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)\n\n* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)\n\n* squid: Buffer overflow in URI processor (CVE-2019-18676)\n\n* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)\n\n* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)\n\n* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)\n\n* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)\n\n* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)\n\n* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)\n\n* squid: DoS in TLS handshake (CVE-2020-14058)\n\n* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)\n\n* squid: Improper input validation could result in a DoS (CVE-2020-24606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4743", "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/" }, { "category": "external", "summary": "1730523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523" }, { "category": "external", "summary": "1730528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528" }, { "category": "external", "summary": "1770349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349" }, { "category": "external", "summary": "1770356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356" }, { "category": "external", "summary": "1770360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360" }, { "category": "external", "summary": "1770365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365" }, { "category": "external", "summary": "1770371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371" }, { "category": "external", "summary": "1770375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375" }, { "category": "external", "summary": "1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "1817121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121" }, { "category": "external", "summary": "1827558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558" }, { "category": "external", "summary": "1827562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562" }, { "category": "external", "summary": "1827570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570" }, { "category": "external", "summary": "1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "1852554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554" }, { "category": "external", "summary": "1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4743.json" } ], "title": "Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-05T22:56:43+00:00", "generator": { "date": "2024-11-05T22:56:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4743", "initial_release_date": "2020-11-04T01:45:05+00:00", "revision_history": [ { "date": "2020-11-04T01:45:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-04T01:45:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:56:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "squid:4:8030020200828070549:30b713e6", "product": { "name": "squid:4:8030020200828070549:30b713e6", "product_id": "squid:4:8030020200828070549:30b713e6", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/squid@4:8030020200828070549:30b713e6" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=src" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=src\u0026epoch=7" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, "product_reference": "squid:4:8030020200828070549:30b713e6", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12520", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1827558" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo (username and password) for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation in request allows for proxy manipulation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12520" }, { "category": "external", "summary": "RHBZ#1827558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12520", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12520" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt" } ], "release_date": "2020-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation in request allows for proxy manipulation" }, { "cve": "CVE-2019-12521", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1827562" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12521" }, { "category": "external", "summary": "RHBZ#1827562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12521", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12521" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12521", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12521" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt" } ], "release_date": "2020-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash" }, { "cve": "CVE-2019-12523", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770371" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation in URI processor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12523" }, { "category": "external", "summary": "RHBZ#1770371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12523", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12523" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12523", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12523" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Access to manager services can be prevented by enabling the Via header: (in /etc/squid/squid.conf)\n~~~ \nvia on\n~~~\nThere are no reliable workarounds to prevent access to restricted upstream servers.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation in URI processor" }, { "cve": "CVE-2019-12524", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1827570" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. The Cache Manager for Squid has rules that, by default, block access to anyone other than the maintainer. An attacker, with the ability to send a properly crafted URL, can bypass the url_regex check and gain access to the blocked resource. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper access restriction in url_regex may lead to security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12524" }, { "category": "external", "summary": "RHBZ#1827570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12524", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12524" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12524", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12524" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt" } ], "release_date": "2020-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper access restriction in url_regex may lead to security bypass" }, { "cve": "CVE-2019-12526", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770356" } ], "notes": [ { "category": "description", "text": "A heap-based buffer overflow was found in the way squid processed certain Uniform Resource Names (URNs). A remote attacker could use this flaw to cause Squid to crash or execute arbitrary code with the permissions of the user running Squid.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Heap overflow issue in URN processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a heap-based buffer overflow, which can be triggered by a malicious client. The client can overwrite substantial amount of heap potentially causing squid to crash or even execute arbitrary code with the permissions of the user running squid (normally squid user which is non-privileged). Also on Red Hat Products, squid is confined with selinux which should reduce the possibilities of code execution.\n\nBecause of the above mentioned difficulties in exploitation, Red Hat Product Security has classified this flaw as having Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12526" }, { "category": "external", "summary": "RHBZ#1770356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12526", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12526" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12526", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12526" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "The following mitigation is suggested by upstream:\n\nDeny urn: protocol URI being proxied to all clients:\n~~~\n acl URN proto URN\n http_access deny URN\n~~~", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Heap overflow issue in URN processing" }, { "cve": "CVE-2019-12528", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798534" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Information Disclosure issue in FTP Gateway", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12528" }, { "category": "external", "summary": "RHBZ#1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12528", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12528" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" } ], "release_date": "2020-02-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\n\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Information Disclosure issue in FTP Gateway" }, { "cve": "CVE-2019-12529", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730528" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Out of bounds read in Proxy-Authorization header causes DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12529" }, { "category": "external", "summary": "RHBZ#1730528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12529", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12529" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12529", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12529" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt" } ], "release_date": "2019-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Remove \u0027auth_param basic ...\u0027 configuration settings from squid.conf", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Out of bounds read in Proxy-Authorization header causes DoS" }, { "cve": "CVE-2019-12854", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730523" } ], "notes": [ { "category": "description", "text": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Denial of service in cachemgr.cgi", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12854" }, { "category": "external", "summary": "RHBZ#1730523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12854", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12854" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12854", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12854" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt" } ], "release_date": "2019-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Denial of service in cachemgr.cgi" }, { "cve": "CVE-2019-18676", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770375" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Buffer overflow in URI processor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18676" }, { "category": "external", "summary": "RHBZ#1770375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18676", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18676" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18676", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18676" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Buffer overflow in URI processor" }, { "cve": "CVE-2019-18677", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770365" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Cross-Site Request Forgery issue in HTTP Request processing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18677" }, { "category": "external", "summary": "RHBZ#1770365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18677", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18677" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18677", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18677" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "As per upstream:\n\nRemove append_domain configuration settings from squid.conf.\nThe append_domain feature is redundant when /etc/resolv.conf is used to determine hostnames. However, please note that use of /etc/resolv.conf may require removal of dns_nameservers and other redundant DNS directives.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Cross-Site Request Forgery issue in HTTP Request processing" }, { "cve": "CVE-2019-18678", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770349" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: HTTP Request Splitting issue in HTTP message processing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18678" }, { "category": "external", "summary": "RHBZ#1770349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18678", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18678" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18678", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18678" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: HTTP Request Splitting issue in HTTP message processing" }, { "cve": "CVE-2019-18679", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770360" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Information Disclosure issue in HTTP Digest Authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18679" }, { "category": "external", "summary": "RHBZ#1770360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18679", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18679" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Remove \u0027auth_param digest ...\u0027 configuration settings from squid.conf.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Information Disclosure issue in HTTP Digest Authentication" }, { "cve": "CVE-2019-18860", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1817121" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18860" }, { "category": "external", "summary": "RHBZ#1817121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18860", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/pull/504", "url": "https://github.com/squid-cache/squid/pull/504" } ], "release_date": "2019-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "The cachemgr.cgi script is not used by default. If you\u0027ve set this up manually and are worried about this issue, remove it from your server.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour" }, { "cve": "CVE-2020-8449", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798540" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation issues in HTTP Request processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8449" }, { "category": "external", "summary": "RHBZ#1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8449", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation issues in HTTP Request processing" }, { "cve": "CVE-2020-8450", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798552" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Buffer overflow in reverse-proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8450" }, { "category": "external", "summary": "RHBZ#1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8450", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Buffer overflow in reverse-proxy configurations" }, { "cve": "CVE-2020-14058", "cwe": { "id": "CWE-676", "name": "Use of Potentially Dangerous Function" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852554" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: DoS in TLS handshake", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14058" }, { "category": "external", "summary": "RHBZ#1852554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14058", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14058" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57" } ], "release_date": "2020-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: DoS in TLS handshake" }, { "cve": "CVE-2020-15049", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852550" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Request smuggling and poisoning attack against the HTTP cache", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue has been rated as having moderate security impact, (despite of having a higher CVSS scoring) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software are not vulnerable to participation in this attack. While the vulnerability does exists in squid, it is not easily exploitable and requires participation of other components on the network.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15049" }, { "category": "external", "summary": "RHBZ#1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5" } ], "release_date": "2020-06-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Request smuggling and poisoning attack against the HTTP cache" }, { "cve": "CVE-2020-24606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871705" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation could result in a DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24606" }, { "category": "external", "summary": "RHBZ#1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24606", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Add the no-digest option to all cache_peer lines in squid.conf", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation could result in a DoS" } ] }
wid-sec-w-2023-1361
Vulnerability from csaf_certbund
Published
2020-02-03 23:00
Modified
2023-06-08 22:00
Summary
Squid: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Squid ist ein Open-Source Web Proxy Cache für Unix und Windows Plattformen. Die Software unterstützt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen, Sicherheitsvorkehrungen zu umgehen oder Code zur Ausführung zu bringen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Squid ist ein Open-Source Web Proxy Cache f\u00fcr Unix und Windows Plattformen. Die Software unterst\u00fctzt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um Informationen offenzulegen, einen Denial of Service zu verursachen, Sicherheitsvorkehrungen zu umgehen oder Code zur Ausf\u00fchrung zu bringen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1361 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-1361.json" }, { "category": "self", "summary": "WID-SEC-2023-1361 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1361" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1766 vom 2023-06-09", "url": "https://alas.aws.amazon.com/ALAS-2023-1766.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-2062 vom 2023-06-05", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2062.html" }, { "category": "external", "summary": "Squid Proxy Cache Security Update Advisory vom 2020-02-03", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt" }, { "category": "external", "summary": "Squid Proxy Cache Security Update Advisory vom 2020-02-03", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" }, { "category": "external", "summary": "Squid Proxy Cache Security Update Advisory vom 2020-02-03", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4289-1 vom 2020-02-20", "url": "https://usn.ubuntu.com/4289-1/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:0493-1 vom 2020-02-26", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200493-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:0487-1 vom 2020-02-26", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200487-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:0661-1 vom 2020-03-13", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200661-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1134-1 vom 2020-04-29", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201134-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1156-1 vom 2020-04-30", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201156-1.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4682 vom 2020-05-09", "url": "https://www.debian.org/security/2020/dsa-4682" }, { "category": "external", "summary": "Debian Security Advisory DLA-2278 vom 2020-07-11", "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00009.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1135 vom 2021-04-09", "url": "https://linux.oracle.com/errata/ELSA-2021-1135.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4082 vom 2020-09-30", "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4743 vom 2020-11-04", "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "source_lang": "en-US", "title": "Squid: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-08T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:29:45.612+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1361", "initial_release_date": "2020-02-03T23:00:00.000+00:00", "revision_history": [ { "date": "2020-02-03T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2020-02-20T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2020-02-26T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-03-12T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-03-25T23:00:00.000+00:00", "number": "5", "summary": "Referenz(en) aufgenommen: FEDORA-2020-AB8E7463AB" }, { "date": "2020-03-26T23:00:00.000+00:00", "number": "6", "summary": "Referenz(en) aufgenommen: FEDORA-2020-790296A8F4" }, { "date": "2020-04-29T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-05-03T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-05-10T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2020-07-12T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2020-09-29T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-11-03T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-08T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2023-06-05T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-06-08T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Open Source Squid \u003c 4.10", "product": { "name": "Open Source Squid \u003c 4.10", "product_id": "310956", "product_identification_helper": { "cpe": "cpe:/a:squid-cache:squid:3.4.10" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12528", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Squid aufgrund einer fehlerhaften Datenverwaltung, wenn FTP-Server-Listen in HTTP-Antworten \u00fcbersetzt werden. In der Folge kann ein entfernter anonymer Angreifer zuf\u00e4llige Speicherinhalte aus dem Heap offenlegen." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-02-03T23:00:00Z", "title": "CVE-2019-12528" }, { "cve": "CVE-2020-8449", "notes": [ { "category": "description", "text": "In Squid existieren mehrere Schwachstellen. Aufgrund falscher Eingabevalidierung kann Squid speziell gestaltete HTTP-Anforderungen auf unerwartete Weise interpretieren, um auf Server-Ressourcen zuzugreifen, die von Sicherheitsfiltern nicht erlaubt sind. In der Folge kommt es zu einem Puffer\u00fcberlauf, den ein entfernter Angreifer ausnutzen kann, um einen Denial of Service zu verursachen, die Zugriffskontrollen bzgl. Client und Proxy zu umgehen und um Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-02-03T23:00:00Z", "title": "CVE-2020-8449" }, { "cve": "CVE-2020-8450", "notes": [ { "category": "description", "text": "In Squid existieren mehrere Schwachstellen. Aufgrund falscher Eingabevalidierung kann Squid speziell gestaltete HTTP-Anforderungen auf unerwartete Weise interpretieren, um auf Server-Ressourcen zuzugreifen, die von Sicherheitsfiltern nicht erlaubt sind. In der Folge kommt es zu einem Puffer\u00fcberlauf, den ein entfernter Angreifer ausnutzen kann, um einen Denial of Service zu verursachen, die Zugriffskontrollen bzgl. Client und Proxy zu umgehen und um Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-02-03T23:00:00Z", "title": "CVE-2020-8450" }, { "cve": "CVE-2020-8517", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Squid. Aufgrund einer fehlerhaften Pufferverwaltung ist \"ext_lm_group_acl\" anf\u00e4llig f\u00fcr einen Denial-of-Service-Angriff bei der Verarbeitung von NTLM-Authentifizierungsreferenzen." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-02-03T23:00:00Z", "title": "CVE-2020-8517" } ] }
ghsa-vrcq-r42v-wc44
Vulnerability from github
Published
2022-05-24 17:08
Modified
2022-05-24 17:08
Details
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
{ "affected": [], "aliases": [ "CVE-2020-8450" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-02-04T20:15:00Z", "severity": "HIGH" }, "details": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "id": "GHSA-vrcq-r42v-wc44", "modified": "2022-05-24T17:08:01Z", "published": "2022-05-24T17:08:01Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202003-34" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20210304-0002" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4289-1" }, { "type": "WEB", "url": "https://www.debian.org/security/2020/dsa-4682" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "type": "WEB", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" }, { "type": "WEB", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" }, { "type": "WEB", "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" }, { "type": "WEB", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" }, { "type": "WEB", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" } ], "schema_version": "1.4.0", "severity": [] }
gsd-2020-8450
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-8450", "description": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "id": "GSD-2020-8450", "references": [ "https://www.suse.com/security/cve/CVE-2020-8450.html", "https://www.debian.org/security/2020/dsa-4682", "https://access.redhat.com/errata/RHSA-2020:4743", "https://access.redhat.com/errata/RHSA-2020:4082", "https://ubuntu.com/security/CVE-2020-8450", "https://advisories.mageia.org/CVE-2020-8450.html", "https://alas.aws.amazon.com/cve/html/CVE-2020-8450.html", "https://linux.oracle.com/cve/CVE-2020-8450.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-8450" ], "details": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "id": "GSD-2020-8450", "modified": "2023-12-13T01:21:54.383289Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", "refsource": "MISC", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" }, { "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" }, { "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" }, { "name": "USN-4289-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4289-1/" }, { "name": "openSUSE-SU-2020:0307", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" }, { "name": "GLSA-202003-34", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-34" }, { "name": "FEDORA-2020-ab8e7463ab", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/" }, { "name": "FEDORA-2020-790296a8f4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/" }, { "name": "openSUSE-SU-2020:0606", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html" }, { "name": "DSA-4682", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4682" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210304-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8450" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" }, { "lang": "en", "value": "CWE-131" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch" }, { "name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch" }, { "name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch" }, { "name": "USN-4289-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4289-1/" }, { "name": "openSUSE-SU-2020:0307", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" }, { "name": "GLSA-202003-34", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-34" }, { "name": "FEDORA-2020-ab8e7463ab", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/" }, { "name": "FEDORA-2020-790296a8f4", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/" }, { "name": "openSUSE-SU-2020:0606", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html" }, { "name": "DSA-4682", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4682" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210304-0002/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210304-0002/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4 } }, "lastModifiedDate": "2021-07-21T11:39Z", "publishedDate": "2020-02-04T20:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.